revision for PRO-2015-661R02 alignment

CDT-accessControlPolicy-v0_8_0.xsd

@@ -22,11 +22,13 @@ ANY CLAIM, AND IN NO EVENT SHALL oneM2M BE LIABLE FOR LOST PROFITS OR OTHER INCI
 oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PROVIDED IN THIS DOCUMENT IS AT THE RISK OF THE USER.
 
 -->
-<xs:schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.onem2m.org/xml/protocols"
-	xmlns:m2m="http://www.onem2m.org/xml/protocols" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+<xs:schema xmlns="http://www.w3.org/2001/XMLSchema"
+	targetNamespace="http://www.onem2m.org/xml/protocols"
+	xmlns:m2m="http://www.onem2m.org/xml/protocols" xmlns:xs="http://www.w3.org/2001/XMLSchema"
+	elementFormDefault="unqualified">
 
-	<xs:include schemaLocation="CDT-commonTypes-v0_8_0.xsd" />
-	<xs:include schemaLocation="CDT-subscription-v0_8_0.xsd" />
+	<xs:include schemaLocation="CDT-commonTypes-v0_8_0.xsd"/>
+	<xs:include schemaLocation="CDT-subscription-v0_8_0.xsd"/>
 
 	<xs:element name="accessControlPolicy">
 		<xs:complexType>
@@ -35,13 +37,14 @@ oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PR
 				<xs:extension base="m2m:announceableSubordinateResource">
 					<xs:sequence>
 						<!-- Resource Specific Attributes -->
-						<xs:element name="privileges" type="m2m:privileges" />
-						<xs:element name="selfPrivileges" type="m2m:selfPrivileges" />
+						<xs:element name="privileges" type="m2m:setOfAcrs"/>
+						<xs:element name="selfPrivileges" type="m2m:setOfAcrs"/>
 
 						<!-- Child Resources -->
 						<xs:choice minOccurs="0" maxOccurs="1">
-							<xs:element name="childResource" type="m2m:childResourceRef" maxOccurs="unbounded" />
-							<xs:element ref="m2m:subscription" maxOccurs="unbounded" />
+							<xs:element name="childResource" type="m2m:childResourceRef"
+								maxOccurs="unbounded"/>
+							<xs:element ref="m2m:subscription" maxOccurs="unbounded"/>
 						</xs:choice>
 					</xs:sequence>
 				</xs:extension>
@@ -56,13 +59,14 @@ oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PR
 				<xs:extension base="m2m:announcedSubordinateResource">
 					<xs:sequence>
 						<!-- Resource Specific Attributes -->
-						<xs:element name="privileges" type="m2m:privileges" />
-						<xs:element name="selfPrivileges" type="m2m:selfPrivileges" />
+						<xs:element name="privileges" type="m2m:setOfAcrs"/>
+						<xs:element name="selfPrivileges" type="m2m:setOfAcrs"/>
 
 						<!-- Child Resources -->
 						<xs:choice minOccurs="0" maxOccurs="1">
-							<xs:element name="childResource" type="m2m:childResourceRef" maxOccurs="unbounded" />
-							<xs:element ref="m2m:subscription" maxOccurs="unbounded" />
+							<xs:element name="childResource" type="m2m:childResourceRef"
+								maxOccurs="unbounded"/>
+							<xs:element ref="m2m:subscription" maxOccurs="unbounded"/>
 						</xs:choice>
 					</xs:sequence>
 				</xs:extension>
@@ -70,83 +74,300 @@ oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PR
 		</xs:complexType>
 	</xs:element>
 
-	<!-- TODO: Questions 1. Do we need to give all these types explicit names? 2. Should some or all of these go into CDT-Common 
-		Types or CDT-Enumerations? -->
+	<!-- TODO: 1) final decision: Should some or all of the data types defined below go into CDT-Common Types 
+		          (and "m2m:accessControlOperations" into CDT-Enumerations) ? 
+	           2) define short names for "setOfAcrs" and all its elements names (CR to TS-0004 for next PRO WG meeting)   -->
 
-	<xs:complexType name="privileges">
+	<xs:complexType name="setOfAcrs">
 		<xs:sequence>
-			<xs:element name="accessControlRule" type="m2m:accessControlRule" minOccurs="0" maxOccurs="unbounded" />
+			<xs:element name="accessControlRule" type="m2m:accessControlRule" minOccurs="0"
+				maxOccurs="unbounded"/>
 		</xs:sequence>
 	</xs:complexType>
 
-	<xs:complexType name="selfPrivileges">
-		<xs:sequence>
-			<xs:element name="accessControlRule" type="m2m:accessControlRule" maxOccurs="unbounded" />
-		</xs:sequence>
-	</xs:complexType>
 
-    <!-- TODO: Update TS0004 to match this (needs CR) -->
 	<xs:complexType name="accessControlRule">
 		<xs:sequence>
-			<xs:element name="accessControlOriginators" type="m2m:listOfURIs" />
-			<xs:element name="accessControlOperations" type="m2m:accessControlOperationList" />
-			<xs:element name="accessControlContexts" type="m2m:accessControlContexts" minOccurs="0" />
-		</xs:sequence>
-	</xs:complexType>
+			<xs:element name="accessControlOriginators" type="m2m:listOfURIs"/>
 
-	<xs:complexType name="accessControlOperationList">
-		<xs:sequence>
-			<xs:element name="accessControlOperation" type="m2m:accessControlOperation" minOccurs="1" maxOccurs="unbounded" />
-		</xs:sequence>
-	</xs:complexType>
-
-	<xs:complexType name="accessControlContexts">
-		<xs:sequence>
-			<xs:element name="accessControlWindows" type="m2m:accessControlWindows" minOccurs="0" maxOccurs="unbounded" />
-			<xs:element name="accessControlIpAddresses" type="m2m:accessControlIpAddresses" minOccurs="0" maxOccurs="unbounded" />
-			<xs:element name="accessControlLocationRegions" type="m2m:accessControlLocationRegions" minOccurs="0"
-				maxOccurs="unbounded" />
-		</xs:sequence>
-	</xs:complexType>
+			<!-- accessControlOperations defined as enumerated list 1 ... 63           -->
+			<xs:element name="accessControlOperations" type="m2m:accessControlOperations"/>
+			
+			<!--  TODO:  mismatch between TS-0004 and TS-0003:    
+				         TS-0003 defines that "accessControlContexts" is comprised of multiple "context sets", where  
+				         each such context set is comprised of 3 parts (setOfTimeWindows, setOfIPAddresses, setOflocationRegions)
+				         Two options to resolve this mismatch:
+				         1) allow "accessControlContexts" element multiplicity 0 .. n in Table 6.3.4.27-1 of TS-0004
+				         2) define "accessControlContexts" as of type "m2m:context" which has multiplicity 1 .. n 
+				         Below option 1) is implemented:                                                             -->
+			<xs:element name="accessControlContexts" minOccurs="0" maxOccurs="unbounded">
+				<xs:complexType>
+					<xs:sequence>
 
-	<xs:complexType name="accessControlWindows">
-		<xs:sequence>
-			<xs:element name="accessControlWindow" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
-		</xs:sequence>
-	</xs:complexType>
+						<!-- TODO:  mismatch with TS-0003: 
+							  element is called "accessControlTimeWindow" in TS-0001 and and TS-0004,
+						                         but "accessControlTimeWindows" in TS-0003                           -->
+						<xs:element name="accessControlWindow" type="m2m:scheduleEntry" minOccurs="0" maxOccurs="unbounded" />
+						
+						<!--  TODO:  mismatch with TS-0001: element is called accessControlIpAddress in TS-0001 
+						             It is also called "accessControlIpAddresses" in TS-0003      -->
+						<xs:element name="accessControlIpAddresses" minOccurs="0">
+							<xs:complexType>
+								<xs:sequence>
+									<!--  TODO:  it should be possible to include both IPv6 and IPv4 address. 
+										         Present text in TS-0004 is ambiguous. Not clear if "or" in TS-0001 is inclusive or exclusive 
+									             Below it is interpreted as inclusive.                          -->
+									<xs:element name="listOfIPv4" type="m2m:listOfIPv4" minOccurs="0" maxOccurs="1"/>
+									<xs:element name="listOfIPv6" type="m2m:listOfIPv6" minOccurs="0" maxOccurs="1"/>
+								</xs:sequence>
+							</xs:complexType>
+						</xs:element>
 
-	<xs:complexType name="accessControlIpAddresses">
-		<xs:sequence>
-			<xs:element name="accessControlIpAddress" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded" />
+						<!--  TODO:  mismatch with TS-0001: element is called accessControlLocationRegion in TS-0001 
+						             It is also called "accessControlLocationRegions" in TS-0003  and TS-0004-->
+						<xs:element name="accessControlLocationRegions" type="m2m:locationRegion" minOccurs="0" maxOccurs="unbounded" />
+						
+				    </xs:sequence>
+				</xs:complexType>
+			</xs:element>
 		</xs:sequence>
 	</xs:complexType>
 
-	<xs:complexType name="accessControlLocationRegions">
-		<xs:sequence>
-			<xs:element name="accessControlLocationRegion" type="m2m:accessControlLocationRegion" minOccurs="0"
-				maxOccurs="unbounded" />
-		</xs:sequence>
+	<xs:complexType name="locationRegion" >
+		<xs:choice>
+			<xs:element name="countryCode" type="m2m:listofCCs"/>
+			<xs:sequence>
+				<xs:element name="circRegion" minOccurs="0">
+					
+					<!-- "circularRegion" is an ordered list of following three parameters of data type float ´
+		 										 1) longitude in the range +/-180 degrees  
+		 										 2) latitude in the range +/-90 degrees, 
+		  										 3) radius in meters      -->
+					<xs:simpleType>
+						<xs:restriction>
+							<xs:simpleType>
+								<xs:list itemType="xs:float"/>
+							</xs:simpleType>
+							<xs:minLength value="3"/>
+							<xs:maxLength value="3"/>
+						</xs:restriction>
+					</xs:simpleType>
+				</xs:element>
+				
+			</xs:sequence>
+		</xs:choice>
 	</xs:complexType>
 
-	<xs:complexType name="accessControlLocationRegion">
-		<xs:sequence>
-			<xs:element name="latitude" type="xs:float" minOccurs="0" />
-			<xs:element name="longitude" type="xs:float" minOccurs="0" />
-			<xs:element name="radius" type="xs:float" minOccurs="0" />
-			<xs:element name="countryCode" type="m2m:countryCode" minOccurs="0" />
-		</xs:sequence>
-	</xs:complexType>
+	<!-- "listOfIPv4" is a space separated list of IPv4 addresses -->
+	<xs:simpleType name="listOfIPv4">
+		<xs:list itemType="m2m:ipv4"/>
+	</xs:simpleType>
 
+	<!-- "listOfIPv6" is a space separated list of IPv6 addresses -->
+	<xs:simpleType name="listOfIPv6">
+		<xs:list itemType="m2m:ipv6"/>
+	</xs:simpleType>
 
-	<!-- TODO: check if a CR to TS-0004 or TS-0003 is needed -->
+	<!-- countryCode as defined in TS-0004 -->
 	<xs:simpleType name="countryCode">
 		<xs:annotation>
 			<xs:documentation>2-character country code as defined by ISO-3166</xs:documentation>
 		</xs:annotation>
 		<xs:restriction base="xs:string">
-			<xs:pattern value="[A-Z]{2}"></xs:pattern>
+			<xs:pattern value="[A-Z]{2}"/>
 		</xs:restriction>
 	</xs:simpleType>
 
+	<!-- "listOfCCs" is a space separated list of 2-digit country codes-->
+	<xs:simpleType name="listofCCs">
+		<xs:list itemType="m2m:countryCode"/>
+	</xs:simpleType>
+
+
+	<!-- Initial IPv4 and IPv6 address representation types were found here:
+     http://lists.w3.org/Archives/Public/www-xml-schema-comments/2005OctDec/0138.html, CIDR suffix has been added  -->
+
+	<!--  TODO: Need to add more descriptive text into TS-0004 about structure of IPv4 and IPv6 addresses with optional CIDR suffix -->
+	<xs:simpleType name="ipv4">
+		<xs:annotation>
+			<xs:documentation> An IP version 4 address, with optional CIDR suffix in the range /0
+				... /32. </xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:token">
+			<xs:pattern
+				value="(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])(/([0-9]|[1-2][0-9]|3[0-2]))?"/>
+			<xs:pattern value="[0-9A-Fa-f]{8}(/([0-9]|[1-2][0-9]|3[0-2]))?"/>
+		</xs:restriction>
+	</xs:simpleType>
+
+	<xs:simpleType name="ipv6">
+		<xs:annotation>
+			<xs:documentation> An IP version 6 address, based on RFC 1884, with optional CIDR suffix
+				in the range /0 ... /128. </xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:token">
+			<!-- Fully specified address -->
+			<xs:pattern
+				value="[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){7}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<!-- Double colon start -->
+			<xs:pattern value=":(:[0-9A-Fa-f]{1,4}){1,7}"/>
+			<!-- Double colon middle -->
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,6}(:[0-9A-Fa-f]{1,4}){1}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1}(:[0-9A-Fa-f]{1,4}){1,6}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<!-- Double colon end -->
+			<xs:pattern value="([0-9A-Fa-f]{1,4}:){1,7}:(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<!-- Embedded IPv4 addresses without CIDR suffix. Should IPv4 CIDR suffix be added?-->
+			<xs:pattern
+				value="((:(:0{1,4}){0,3}(:(0{1,4}|[fF]{4}))?)|(0{1,4}:(:0{1,4}){0,2}(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){2}(:0{1,4})?(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){3}(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){4}(0{1,4}|[fF]{4})?)):(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])"/>
+			<!-- The unspecified address -->
+			<xs:pattern value="::(/0)?"/>
+		</xs:restriction>
+	</xs:simpleType>
+
+	<!-- access control operations -->
+	<xs:simpleType name="accessControlOperations">
+		<xs:annotation>
+			<xs:documentation>Shall be considered for access control policy check by the
+				CSE</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:integer">
+			<!-- Create -->
+			<xs:enumeration value="1"/>
+			<!-- Retrieve -->
+			<xs:enumeration value="2"/>
+			<!-- Create + Retrieve -->
+			<xs:enumeration value="3"/>
+			<!-- Update -->
+			<xs:enumeration value="4"/>
+			<!-- Create + Update -->
+			<xs:enumeration value="5"/>
+			<!-- Retrieve + Update -->
+			<xs:enumeration value="6"/>
+			<!-- Create + Retrieve + Update -->
+			<xs:enumeration value="7"/>
+			<!-- Delete -->
+			<xs:enumeration value="8"/>
+			<!-- Create + Delete -->
+			<xs:enumeration value="9"/>
+			<!-- Retrieve + Delete -->
+			<xs:enumeration value="10"/>
+			<!-- Create + Retrieve + Delete -->
+			<xs:enumeration value="11"/>
+			<!-- Update + Delete -->
+			<xs:enumeration value="12"/>
+			<!-- Create + Update + Delete -->
+			<xs:enumeration value="13"/>
+			<!-- Retrieve + Update + Delete -->
+			<xs:enumeration value="14"/>
+			<!-- Create + Retrieve + Update + Delete -->
+			<xs:enumeration value="15"/>
+			<!-- Notify -->
+			<xs:enumeration value="16"/>
+			<!-- Create + Notify -->
+			<xs:enumeration value="17"/>
+			<!-- Retrieve + Notify -->
+			<xs:enumeration value="18"/>
+			<!-- Create + Retrieve + Notify -->
+			<xs:enumeration value="19"/>
+			<!-- Update + Notify -->
+			<xs:enumeration value="20"/>
+			<!-- Create + Update + Notify -->
+			<xs:enumeration value="21"/>
+			<!-- Retrieve + Update + Notify -->
+			<xs:enumeration value="22"/>
+			<!-- Create + Retrieve + Update -->
+			<xs:enumeration value="23"/>
+			<!-- Delete + Notify -->
+			<xs:enumeration value="24"/>
+			<!-- Create + Delete + Notify -->
+			<xs:enumeration value="25"/>
+			<!-- Retrieve + Delete + Notify -->
+			<xs:enumeration value="26"/>
+			<!-- Create + Retrieve + Delete + Notify -->
+			<xs:enumeration value="27"/>
+			<!-- Update + Delete + Notify -->
+			<xs:enumeration value="28"/>
+			<!-- Create + Update + Delete + Notify -->
+			<xs:enumeration value="29"/>
+			<!-- Retrieve + Update + Delete + Notify -->
+			<xs:enumeration value="30"/>
+			<!-- Create + Retrieve + Update + Delete + Notify -->
+			<xs:enumeration value="31"/>
+			<!-- Discover -->
+			<xs:enumeration value="32"/>
+			<!-- Create + Discover -->
+			<xs:enumeration value="33"/>
+			<!-- Retrieve + Discover -->
+			<xs:enumeration value="34"/>
+			<!-- Create + Retrieve + Discover -->
+			<xs:enumeration value="35"/>
+			<!-- Update + Discover -->
+			<xs:enumeration value="36"/>
+			<!-- Create + Update + Discover -->
+			<xs:enumeration value="37"/>
+			<!-- Retrieve + Update + Discover -->
+			<xs:enumeration value="38"/>
+			<!-- Create + Retrieve + Update + Discover -->
+			<xs:enumeration value="39"/>
+			<!-- Delete + Discover -->
+			<xs:enumeration value="40"/>
+			<!-- Create + Delete + Discover -->
+			<xs:enumeration value="41"/>
+			<!-- Retrieve + Delete + Discover -->
+			<xs:enumeration value="42"/>
+			<!-- Create + Retrieve + Delete + Discover -->
+			<xs:enumeration value="43"/>
+			<!-- Update + Delete + Discover -->
+			<xs:enumeration value="44"/>
+			<!-- Create + Update + Delete + Discover -->
+			<xs:enumeration value="45"/>
+			<!-- Retrieve + Update + Delete + Discover -->
+			<xs:enumeration value="46"/>
+			<!-- Create + Retrieve + Update + Delete + Discover -->
+			<xs:enumeration value="47"/>
+			<!-- Notify + Discover -->
+			<xs:enumeration value="48"/>
+			<!-- Create + Notify + Discover -->
+			<xs:enumeration value="49"/>
+			<!-- Retrieve + Notify + Discover -->
+			<xs:enumeration value="50"/>
+			<!-- Create + Retrieve + Notify + Discover -->
+			<xs:enumeration value="51"/>
+			<!-- Update + Notify + Discover -->
+			<xs:enumeration value="52"/>
+			<!-- Create + Update + Notify + Discover -->
+			<xs:enumeration value="53"/>
+			<!-- Retrieve + Update + Notify + Discover -->
+			<xs:enumeration value="54"/>
+			<!-- Create + Retrieve + Update + Discover -->
+			<xs:enumeration value="55"/>
+			<!-- Delete + Notify + Discover -->
+			<xs:enumeration value="56"/>
+			<!-- Create + Delete + Notify + Discover -->
+			<xs:enumeration value="57"/>
+			<!-- Retrieve + Delete + Notify + Discover -->
+			<xs:enumeration value="58"/>
+			<!-- Create + Retrieve + Delete + Notify + Discover -->
+			<xs:enumeration value="59"/>
+			<!-- Update + Delete + Notify + Discover -->
+			<xs:enumeration value="60"/>
+			<!-- Create + Update + Delete + Notify + Discover -->
+			<xs:enumeration value="61"/>
+			<!-- Retrieve + Update + Delete + Notify + Discover -->
+			<xs:enumeration value="62"/>
+			<!-- Create + Retrieve + Update + Delete + Notify + Discover -->
+			<xs:enumeration value="63"/>
+		</xs:restriction>
+	</xs:simpleType>
 
 </xs:schema>